# File uploads

## S3 Buckets

Files uploaded by users are stored in [S3 Buckets](https://s3.console.aws.amazon.com/s3/buckets?region=eu-west-2).
These buckets are not publicly accessible.

There are buckets for each environment:

- myvbv-dev.iterativ.ch
- myvbv-stage.iterativ.ch
- myvbv-prod.iterativ.ch

Add the following CORS configuration under bucket -> permissions

```
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]
```

## IAM Users

In order to access the buckets a user is required. These users are created in
the [IAM Console](https://console.aws.amazon.com/iam/home?region=eu-west-2#/users).
The users needs the following permissions:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<bucket-name>",
                "arn:aws:s3:::<bucket-name>/*"
            ]
        }
    ]
}
```